3.2.3 Managing Access Gateways Settings

Viewing and Modifying Gateway Settings

  1. Click Devices > Access Gateways.

  2. Select one of the following options:

    Option

    Description

    Stop

    To stop an Access Gateway , select the service, then click Stop. You can use the Restart option to start Access Gateway .

    Restart

    To stop and start an Access Gateway , select it, then click Restart. If Access Gateway is already stopped, use Restart to start it.

    Refresh

    To update the list of Access Gateways and the status columns, click Refresh.

  3. Select an Access Gateway, and then select one of the following options:

    Option

    Description

    Scheduled Restart

    To schedule when a selected Access Gateway must be stopped and then started, select Schedule Restart. On an Access Gateway Service, a restart stops Access Gateway Service, then starts it. For information about how to schedule this command, see Scheduling a Command.

    Scheduled Stop

    To schedule when a selected Access Gateway or cluster must be stopped, select Schedule Stop.

    You can use the Restart option to start it again.

    For more information, see Scheduling a Command

    Purge List Now

    Click this to purge all objects in the current purge list from the cache of the selected server or cluster.

    Purge All Cache

    Click this to purge the server cache for the selected server or cluster. All cached content is cleared.

    When you change certain configuration such as updating or changing certificates, changing the IP addresses of web servers, or modifying the rewriter configuration, you are prompted to purge the cache. The cached objects must be updated for users to see the effects of configuration changes. If Access Gateways are in a cluster, you need to manage the purge process so your site remains accessible to your users. You must apply configuration changes to one member of a cluster. When its status returns to healthy and current, issue the command to purge its cache. Then apply the changes to the next cluster member.

    IMPORTANT:Do not issue a purge cache command when an Access Gateway has a pending configuration change. Wait until the configuration change is complete.

    Update Health from Server

    Click this to send a request to the server for updated health information. If you have selected multiple servers, a request is sent to each one. The health status changes to an animated circle until the reply returns.

    Service Provider

    • Start Service Provider: Starts Embedded Service Provider (ESP) associated with the selected Access Gateway. ESP is the module within Access Gateway that communicates with Identity Server.

      You must restart ESP whenever you enable or modify logging on Identity Server.

    • Stop Service Provider: Stops ESP associated with the selected Access Gateway.

      When Access Gateway does not function correctly, stop and start ESP before stopping and starting Access Gateway.

    • Restart Service Provider: Restarts ESP associated with the selected Access Gateway.

      When an Access Gateway does not function correctly, restart ESP before stopping and starting Access Gateway.

  4. Use the following links to manage a cluster or an Access Gateway:

    Option

    Description

    Name

    Displays a list of Access Gateways and clusters that you can manage from this Administration Console.

    • To view or modify details of a particular server, click the server name.

    • To view or modify details of a cluster, click the cluster namer.

    Status

    Indicates the configuration status of the clusters and Access Gateways. For more information, see Status Options.

    Health

    Indicates whether a cluster or an Access Gateway is functional. Click the icon to view additional information about the operational status of an Access Gateway.

    Alerts

    Indicates whether any alerts have been sent. If the alert count is non-zero, click the count to view more information.

    Commands

    Indicates the status of the last executed command and whether any commands are pending. Click the link to view more information. For more information, see Section 25.2, Viewing the Command Status of Access Gateway.

    Statistics

    Provides a link to the statistic pages.

    Edit

    Provides a link to the configuration page. If the server belongs to a cluster, the Edit link appears on the cluster row. Otherwise, the link is on the server row. See Section 3.2.1, Configuration Overview.

Status Options

  1. Click Devices > Access Gateways.

  2. View Status and make changes as necessary.

    Status

    Description

    Current

    Indicates that all configuration changes have been applied.

    Update

    Indicates that a configuration change has been made, but not applied.

    To apply the changes, click Update, and then select one of the following options:

    • All Configuration: Access Gateway reads complete configuration file and restarts ESP.

      The configuration update causes logged-in users to lose their connections unless the server is a member of a cluster. When the server is a member of a cluster, the users are sent to another Access Gateway and they experience no interruption of service.

    • Logging Settings: This option is available when the ESP logging settings have been modified on Identity Server. This option causes no interruption in services. When you modify Access Gateway logging settings, this option is not available because they are considered as configuration settings.

    • Policy Settings: If a policy is modified for a protected resource of Access Gateway and the policy change is the only modification that has occurred, the update option for Policy Settings is available. This option causes no interruption in services.

    • Rewriter Profile Changes: When an administrator changes the rewriter profile, a purge cache command is issued to a Gateway from Administration Console, the connection is lost and the service is interrupted for a few seconds. Similar experience is observed during the rewriter profile configuration change, as this internally triggers the purge cache command.

    • Changing Certificates: When a certificate configuration is changed from Administration Console, the service is interrupted due to the Tomcat restart.

    Update All

    This link is available when a server belongs to a cluster. You can select to update all the servers at the same time, or you can select to update them one at a time. If the modification is a policy or a logging change, then use Update All. If the modification is a configuration change, we recommend that you update the servers one at a time.

    • When you select Update All for a configuration change, users experience an interruption of service.

    • When you update servers one at a time for a configuration change, users experience no interruption of service.

    When you make the following configuration changes, the Update All option is the only option available and your site will be unavailable while the update occurs:

    • Identity Server configuration that is used for authentication is changed (Access Gateways > Edit > Reverse Proxy/Authentication, then select a different value for the Identity Server Cluster option).

    • A different reverse proxy is selected to be used for authentication (Access Gateways > Edit > Reverse Proxy/Authentication, then select a different value for the Reverse Proxy option).

    • The protocol or port of the authenticating reverse proxy is modified (Access Gateways > Edit > Reverse Proxy/Authentication > [Name of Reverse Proxy], then change the SSL options or the port options).

    • The published DNS name of the authentication proxy service is modified (Access Gateways > Edit > Reverse Proxy/Authentication > [Name of Reverse Proxy] > [Name of First Proxy Service], then modify the Published DNS Name option).

    For more information, see Applying Changes to Access Gateway Cluster Members.

    Update

    If the configuration update contains a configuration error, the Update link is disabled and the Configuration Error icon is displayed. Click the icon to discover which objects have been misconfigured. You need to fix the error by canceling or modifying the changes before you perform an update.

    Update All

    If the configuration update contains a configuration error, the Update All and the member Update links are disabled and the Configuration Error icon is displayed. Click the icon to discover which objects have been misconfigured. You need to fix the error by canceling or modifying the changes before you perform an update.

    Pending

    Indicates that the server is processing a configuration change, but has not completed the process.

    Locked

    Indicates that another administrator is making configuration changes. Before you proceed with any configuration changes, you need to coordinate with this administrator and wait until Access Gateway has been updated with the other administrator’s changes.

Scheduling a Command

  1. Click Devices > Access Gateways.

  2. (Conditional) To schedule a shutdown or restart, select a server, then click Actions > Schedule Restart or Schedule Stop. Continue with Step 3.

  3. Specify the following details:

    Field

    Description

    Name Scheduled Command

    Specify a name for this command. This name is used in log files.

    Description

    (Optional) Specify a reason for the command.

    Date & Time

    Select the day, month, year, hour, and minute when the command must execute.

    The following fields display information about the command you are scheduling:

    Type: Displays the type of command that is being scheduled, such as Access Gateway Shutdown, Access Gateway Restart, or Access Gateway Upgrade.

    Server: Displays the name of the server that the command is being scheduled for.

  4. Click OK.